Welcome to issue #405 July 1st, 2024

News

Google Cloud expands grounding capabilities on Vertex AI - Google Cloud expands grounding capabilities on Vertex AI, making it easier for customers to build more capable AI agents and applications. Grounding with Google Search, now generally available, will soon offer dynamic retrieval, a new capability to help customers balance quality with cost efficiency. Grounding with high-fidelity mode, announced in experimental preview, is a new feature of the grounded generation API that will further reduce hallucinations. Grounding with third-party datasets is coming in Q3 this year, enabling customers to integrate specialized data into their generative AI agents.

Making Vertex AI the most enterprise-ready generative AI platform - Google Cloud's Vertex AI platform offers enterprise-ready generative AI capabilities. It features models like Gemini 1.5 Flash with a 1 million-token context window, providing low latency and cost-effectiveness. Gemini 1.5 Pro boasts a 2 million-token context window, enabling unique multimodal use cases. Imagen 3, Google's latest image generation model, delivers faster generation, improved prompt comprehension, and photo-realistic images. Vertex AI also supports third-party models like Anthropic's Claude 3.5 Sonnet and open models like Gemma 2. Context caching and provisioned throughput ensure efficient and predictable performance.

Google Cloud Marketplace now lets customers buy ISV solutions from channel partners - Google Cloud Marketplace now allows customers to buy ISV solutions from channel partners. This enables channel partners to maintain their relationships with customers as the partner of choice. ISV partners can expand and scale reach to more customers by bringing their channel partners of choice to the Google Cloud Marketplace. Channel partners can tap into a broad range of ISV products that have been validated to run on Google Cloud and create private offers to end-customers.

New Cloud KMS Autokey can help encrypt your resources quickly and efficiently - Cloud KMS Autokey automates key control operations for Customer-Managed Encryption Keys (CMEK), reducing the manual effort and complexity of managing your own encryption keys. It eliminates manual effort in key creation, simplifies key selection, and ensures consistent practices and granular encryption keys. With Cloud KMS Autokey, you can quickly create CMEK-protected resources, increasing your productivity and reducing the attack surface.

Browser management made easier with Chrome Enterprise Core - Chrome Enterprise Core, a free browser management tool, offers powerful and flexible management capabilities both in the cloud and on premises. IT teams can now configure and manage browser policies, settings, apps, and extensions across browsers from a single console, even with multiple operating systems and devices.

Advancing systems research: Synthesized Google storage I/O traces now available to the community - Google has released synthesized Google I/O traces for storage servers and disks to empower researchers in designing large-scale distributed storage systems. These traces are crucial for understanding real-world storage behavior and performance, enabling researchers to gain deeper insights, build accurate models, and develop targeted optimizations.

GKE under the hood: What’s new with Cluster Autoscaler - Google Kubernetes Engine (GKE) has introduced significant improvements to its Cluster Autoscaler, enhancing workload performance without requiring additional user configuration.

Google is a Leader in the 2024 Gartner® Magic Quadrant for Analytics and Business Intelligence Platforms - Google has been named a Leader in the 2024 Gartner® Magic Quadrant for Analytics and Business Intelligence Platforms.

---

Unlock efficiency by optimizing Kubernetes workloads

Is your Kubernetes setup costing you too much? Watch our free on-demand webinar to learn practical strategies from Revolgy cloud experts on optimizing Kubernetes workloads, reducing costs, and improving performance.

---

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud CISO Perspectives: How Google is helping to improve rural healthcare cybersecurity - Google is committed to improving rural healthcare cybersecurity. They are providing secure-by-design technologies, information sharing on threats, and putting their security tools in the hands of hospitals and healthcare organizations. Additionally, they are investing in cybersecurity education and training to grow the cybersecurity workforce.

Global Revival of Hacktivism Requires Increased Vigilance from Defenders - Hacktivism has seen a resurgence since early 2022, with actors using more sophisticated tactics and targeting a wider range of organizations. This new wave of hacktivism is driven by various motivations, including geopolitical conflicts, financial gain, and anti-establishment ideologies.

Dashboard for Actions Runner Controller (ARC). Provision to Google Cloud Platform - The Dashboard for Actions Runner Controller (ARC) is essential for operating ARC stably. It provides various metrics such as the number of currently running Runners and any errors in Runner operation. This article explains how to build the ARC Dashboard based on Google Cloud Platform.

Simplifying Google Cloud Migration Center Setup - Google Cloud Migration Center simplifies the migration process by providing detailed analysis of resource utilization, right-sizing information, and total cost of ownership. This blog serves as a comprehensive guide to deploy Migration Center in your environment, including setting up IAM roles, enabling the API, creating a service account, installing the Discovery Client, and configuring data collection.

GCP: Terraform automation for Cloud Build and Cloud Deploy - This article explains how to set up a continuous integration and continuous deployment (CI/CD) pipeline on Google Cloud Platform (GCP) using Terraform. The author provides step-by-step instructions on how to create Terraform modules to automate the provisioning of GCP services such as Artifact Registry, Cloud Run, and Cloud Deploy. The article also covers the basics of Terraform, Kubernetes, and Cloud Computing.

Managed SSL for TCP Loadbalancer in GKE. - In this article, we'll discuss how to use a Google Managed SSL certificate for a TCP Load Balancer in Google Kubernetes Engine (GKE). We'll cover the limitations of using a managed certificate and provide a step-by-step guide on how to set up a TCP/SSL proxy load balancer with a managed certificate.

GCP Organization Migration: Understanding and Methodology for a Successful Migration - Need to migrate all GCP projects with associated workloads from an GCP organization to another GCP organization?

App Development, Serverless, Databases, DevOps

Create custom metrics for Cloud SQL for PostgreSQL and AlloyDB using Logs Explorer - Custom log-based metrics allow you to monitor specific conditions or errors in your PostgreSQL database running on Cloud SQL or AlloyDB. You can create custom metrics using Logs Explorer by defining a metric name, type, and expression that filters the logs for the desired information. This enables you to track and analyze specific events, such as duplicate key violations, long-running queries, or data access-related metrics. You can also set up alerts based on these custom metrics to receive notifications when certain conditions are met.

Character.AI's storybook ending with Memorystore for Redis Cluster - Character.AI, a leader in personalized AI, shares its journey of optimizing its caching layer using Google Cloud's Memorystore for Redis Cluster. The company's mission is to create empathetic and personalized AI-powered Characters, ranging from historical figures to user-generated personas. To enhance user engagement and application responsiveness, Character.AI transitioned from a single Memorystore instance to a sharding proxy and eventually implemented ring hashing in the application layer. The migration to Memorystore for Redis Cluster simplified their architecture, eliminated the need for external sharding mechanisms, and ensured predictable low latencies and zero-downtime scalability.

Free to be SRE — how to use generative AI to code, test and troubleshoot your systems - Generative AI, including Google's Gemini for developers, offers a toolkit that can help streamline SRE operational tasks and boost efficiency. This curated list of resources provides a foundational understanding of generative AI concepts and how to leverage them to enhance operational efficiency. Start with the basics of generative AI and progress to advanced techniques through videos and hands-on labs. Discover how generative AI can revolutionize SRE workflows and unlock a new era of operational excellence.

How to deploy your Streamlit Web App to Google Cloud Run with ease? - A Comprehensive Guide for Building and Deploying ML/Deep Learning Web Apps Using Streamlit.

Rust: OAuth 2.0 for Google Service Account - Step 0 to a Google API Client Library (Unofficial)!

How to prompt Gemini asynchronously using Python on Google Cloud - How to send all your prompts at the same time and collect the answers, rather than sending them one by one, using Python.

Building a Serverless Image Text Extractor and Translator Using Google Cloud Pre-Trained AI - End-to-end creation of a Cloud Run Flask Web Application and a Cloud Function Backend, including design, implementation and best practices.

Big Data, Analytics, ML&AI

The new Tower of Babel? Using multilingual embeddings and vector search in BigQuery - A BigQuery solution for analyzing text in multiple languages is presented. It uses multilingual embeddings, vector index, and vector search to enable customers to search for products or business reviews in their preferred language and receive results in that same language. The solution also uses the Translation API to translate reviews from various languages into the language of the user's choice. This way, businesses can easily analyze and gain insights from reviews written in different languages, and users can access and understand reviews in their preferred language.

Square Enix’s journey of building an AI-driven Customer Data Platform - Square Enix, a Japanese video game and entertainment company, built a customer data platform (CDP) with Google Cloud to enhance its first-party data strategy. The CDP, called Single Gamer View (SGV), unifies all of Square Enix's databases, provides marketing automation, and feeds data back into marketing platforms to drive fan engagement. SGV has helped Square Enix increase player engagement, enhance marketing ROI measurement, and improve work efficiency.

Utilizing ClickHouse to Reduce Costs from Your BigQuery and Looker Usage Part 1 - Reduce your Looker and BigQuery Costs by Utilizing Clickhouse to “cache” your data.

Utilizing ClickHouse to Reduce Costs from Your BigQuery and Looker Usage Part 2 - Reduce your Looker and BigQuery Costs by Utilizing Clickhouse to “cache” your data.

BigQuery and Gemini: The Catalyst for Scaling Generative AI Skills - BigQuery and Gemini for Call Center Audio Analysis.

Unlocking Data Quality on Google Cloud Platform: Integrating Soda for Enhanced Data Integrity - Soda is a tool that enables Data Engineers, Data Scientists, and Data Analysts to test data for quality where and when they need to.

Did Google Just Kill Streamlit? - Checking out Google’s Mesop Framework to see if it’s better than Streamlit.

Building a Custom Classification API on Google Cloud: A Technical Deep Dive - Unlock the potential of LLMs with a custom API that streamlines content classification for many real-world applications.

How to: Build a Chat Web Application with Streamlit, Cloud Run and Gemini Flash - In this post, we’ll explore how to create a basic chat application using Gemini Flash, which is a powerful multimodal AI model from Google.

Vertex AI Controlled Generation with Gemini - Respond reliably with JSON and other formats.

Practical Guide: Using Gemini Context Caching with Large Codebases - Google has introduced Gemini context caching for Vertex AI and Google AI Studio users, allowing users to cache large and intricate datasets, including legal documents, medical records, long videos, images, and audio files. This significantly reduces costs and enhances user experience by eliminating the need to repeatedly send this content whenever a question is asked.

Slides, Videos, Audio

Kubernetes Podcast - #229 AI/ML in Kubernetes, with Maciej Szulik, Clayton Coleman, and Dawn Chen.

Security Podcast - #178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts.

Releases

Anthos Config Management - Config Controller is now supported in regions europe-west8, us-central2 and us-east7. Config Controller now uses the following versions of its included products: Config Connector v1.119.0.

Anthos Config Management - 1.18.2. Reverted an undocumented change to a metric name. Upgraded the Open Telemetry image from v0.99.0 to v0.102.0 to pick up vulnerability fixes. Resolved an issue that prevented the declared_resources metric from decrementing when an object became unmanaged by Config Sync.

Google Distributed Cloud Bare Metal - 1.29. Release 1.29.200-gke.243 Google Distributed Cloud for bare metal 1.29.200-gke.243 is now available for download. Functionality changes: Updated registry mirror support to allow you to specify a port for host addresses. Fixes: Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version. The following container image security vulnerabilities have been fixed in 1.29.200-gke.243 High-severity container vulnerabilities: CVE-2023-6270 CVE-2023-39323 CVE-2023-45285 CVE-2023-45287 CVE-2023-52434 CVE-2024-0565 CVE-2024-0985 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26898 CVE-2024-26907 CVE-2024-26934 CVE-2024-27020 Medium-severity container vulnerabilities: CVE-2023-7042 CVE-2023-39318 CVE-2023-39319 CVE-2023-39326 CVE-2023-47233 CVE-2023-52429 CVE-2023-52435 CVE-2023-52458 CVE-2024-0340 CVE-2024-0607 CVE-2024-22099 CVE-2024-23849 CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-24861 CVE-2024-25739 CVE-2024-26600 CVE-2024-26602 CVE-2024-26606 CVE-2024-26901 CVE-2024-26903 CVE-2024-26910 CVE-2024-27013 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35997 GHSA-6xv5-86q9-7xr8 Low-severity container vulnerabilities: CVE-2022-38096 CVE-2023-5363 CVE-2023-6246 CVE-2023-6779 CVE-2023-6780 CVE-2023-52447 CVE-2023-52489 CVE-2023-52492 CVE-2023-52493 CVE-2023-52497 CVE-2023-52616 CVE-2023-52627 CVE-2023-52637 CVE-2023-52672 CVE-2024-0841 CVE-2024-23850 CVE-2024-26581 CVE-2024-26593 CVE-2024-26601 CVE-2024-26610 CVE-2024-26627 CVE-2024-26643 CVE-2024-26665 CVE-2024-26673 CVE-2024-26684 CVE-2024-26688 CVE-2024-26695 CVE-2024-26698 CVE-2024-26702 CVE-2024-26707 CVE-2024-26712 CVE-2024-26727 CVE-2024-26748 CVE-2024-26749 CVE-2024-26753 CVE-2024-26781 CVE-2024-26782 CVE-2024-26787 CVE-2024-26788 CVE-2024-26790 CVE-2024-26795 CVE-2024-26808 CVE-2024-26809 CVE-2024-26814 CVE-2024-26833 CVE-2024-26835 CVE-2024-26848 CVE-2024-26855 CVE-2024-26861 CVE-2024-26862 CVE-2024-26870 CVE-2024-26877 CVE-2024-26885 CVE-2024-26891 CVE-2024-26895 CVE-2024-26897 CVE-2024-26924 CVE-2024-26925 CVE-2024-26926 CVE-2024-26935 CVE-2024-26937 CVE-2024-26950 CVE-2024-26951 CVE-2024-26970 CVE-2024-26978 CVE-2024-26988 CVE-2024-27030 CVE-2024-27038 CVE-2024-27044 CVE-2024-27045 CVE-2024-27047 CVE-2024-27052 CVE-2024-27053 CVE-2024-27065 CVE-2024-27076 CVE-2024-27414 CVE-2024-27417 CVE-2024-27431 CVE-2024-35785 CVE-2024-35796 CVE-2024-35813 CVE-2024-35829 CVE-2024-35833 CVE-2024-35845 CVE-2024-35852 CVE-2024-35853 CVE-2024-35854 CVE-2024-35855 CVE-2024-35879 CVE-2024-35884 CVE-2024-35895 CVE-2024-35897 CVE-2024-35899 CVE-2024-35900 CVE-2024-35905 CVE-2024-35958 CVE-2024-35962 CVE-2024-35983 CVE-2024-35988 CVE-2024-35990 CVE-2024-35996 CVE-2024-36005 CVE-2024-36006 CVE-2024-36007 CVE-2024-36008. Known issues: For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

GKE attached clusters - This release includes the following GKE attached clusters platform versions 1.29.0-gke.3, 1.28.0-gke.6, 1.27.0-gke.9.

GKE on AWS - You can now launch clusters with the following Kubernetes versions: 1.29.5-gke.700, 1.28.10-gke.800, 1.27.14-gke.700. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26923 For more information, see the GCP-2024-039 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26924 For more information, see the GCP-2024-038 security bulletin.

Anthos clusters on Azure - You can now launch clusters with the following Kubernetes versions. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26923 For more information, see the GCP-2024-039 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26924 For more information, see the GCP-2024-038 security bulletin.

Anthos clusters on VMware - Google Distributed Cloud for VMware 1.29.200-gke.242 is now available for download. The following issues are fixed in 1.29.200-gke.242: Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes. A vulnerability (CVE-2024-26924) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: For more information, see the GCP-2024-038 security bulletin.

GDCV for VMware - Google Distributed Cloud for VMware 1.29.200-gke.242 is now available for download. The following issues are fixed in 1.29.200-gke.242: Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes. A vulnerability (CVE-2024-26924) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: For more information, see the GCP-2024-038 security bulletin.

Apigee Advanced API Security - On June 27, 2024 we released a new version of Advanced API Security Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. Preview release of generative AI incident report summaries This release introduces the preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents.

Apigee X - On June 27, 2024, we released an updated version of Apigee. Apigee is now available in new regions: Europe - Berlin (europe-west10) Africa - Johannesburg (africa-south1) See Apigee locations for more information about available regions. On June 26, 2024, we released an updated version of Apigee (1-12-0-apigee-7). Bug ID Description N/A Upgraded infrastructure and libraries. These issues were fixed in 1-12-0-apigee-4-hotfix and are included in this release: Bug ID Description 337876238, 330314128, 333762214 Resolved issues resulting in an increase in 404/503 responses.Upgraded storage for the Apigee router to the latest version to resolve 404 responses.Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any 5xx responses.

Apigee Hybrid - v1.12.1. hybrid v1.12.1 On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.12.1. Bug ID Description 347798999 Fixed an issue preventing configuration of forward proxies for OpenTelemetry collector pods. Bug ID Description 345791712 Security fix for fluent-bit. 1.11.2-hotfix.1. hybrid 1.11.2-hotfix.1 On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.1. Bug ID Description 347997965 Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics. 1.10.5-hotfix.1. hybrid 1.10.5-hotfix.1 On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.10.5-hotfix.1. Bug ID Description 347997965 Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics.

App Hub - App Hub support is available in the asia-east2 (Hong Kong) and europe-west3 (Frankfurt, Germany) regions.

Cloud Architecture Center - (New guide) Migrate from AWS to Google Cloud: Migrate from Amazon RDS for SQL Server to Cloud SQL for SQL Server: Describes how to design, implement, and validate a plan to migrate from Amazon Relational Database Service (RDS) to Cloud SQL for SQL Server.

Google Cloud Armor - Cloud Armor supports IP address groups in Preview. Cloud Armor support for Layer 7 filtering in globally scoped edge security policies for Media CDN is now Generally Available.

Assured Workloads Access Approval - Access Approval supports Apigee in the GA stage.

Assured Workloads Access Transparency - Access Transparency supports Apigee in the GA stage.

BigQuery - You can now use tags on BigQuery tables to conditionally grant or deny access with Identity and Access Management (IAM) policies. You can now use the BigQuery JupyterLab plugin to explore your data, use BigQuery DataFrames in a Jupyter notebook, and deploy a BigQuery DataFrames notebook to Cloud Composer.

Billing - Avoid getting charged for idle Compute Engine reservations in the FinOps hub You can now get recommendations to modify or delete your idle, on-demand reservations for Compute Engine resources when you haven't consumed any resources for at least 7 days.

Cloud Build - Cloud Build support for Supply-chain Levels for Software Artifacts (SLSA) version 1.0 compliant provenance is now generally available to help you safeguard your automated build pipelines.

Certificate Authority Service - Certificate Authority Service is now available in the following region: africa-south1 For more information, see Certificate Authority Service locations.

Chronicle - You can use the BindPlane agent to collect Windows event logs, query SQL databases, read logs from files, and receive logs using syslog. You can now configure Cloud Identity or Google Workspace as an identity provider during the Google Security Operations onboarding steps. During the Google Security Operations onboarding steps, you can now specify identity provider groups that include administrators who configure user access to SOAR-related features.

Chronicle Security Operations - You can now configure Cloud Identity or Google Workspace as an identity provider during the Google Security Operations onboarding steps. During the Google Security Operations onboarding steps, you can now specify identity provider groups that include administrators who configure user access to SOAR-related features.

Chronicle SOAR - Release 6.3.8 is now in General Availability. Remote Agents Release 2.0.1 is now in General Availability. Release 6.3.9 is currently in Preview. Case List preferences are now saved permanently per user. Environment table column width display issue when using dynamic parameters with many characters (ID #51611835). Editing or saving any step in the playbook resets the view to zoom out (ID #00162859, #48257046).

Key Access Justifications - Access Approval supports Apigee in the GA stage.

Access Transparency - Access Transparency supports Apigee in the GA stage.

Cloud Composer - Cloud Composer is now available in Johannesburg (africa-south1).

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.67 1.2.11 2.0.75 2.2.11. Dataproc Serverless for Spark: To fix compatibility with open table formats (Apache Iceberg, Apache Hudi and Delta Lake), the ANTLR version downgraded from 4.13.1 to 4.9.3 in Dataproc Serverless for Spark runtime versions 1.2 and 2.2.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.107-debian10, 2.0.107-rocky8, 2.0.107-ubuntu18 2.1.55-debian11, 2.1.55-rocky8, 2.1.55-ubuntu20, 2.1.55-ubuntu20-arm 2.2.21-debian12, 2.2.21-rocky9, 2.2.21-ubuntu22.

Datastore - Scheduled backups are now available in GA.

Cloud Deploy - You can now set the logging level to debug, or the equivalent, for Skaffold, gcloud, and kubectl, using the verbose flag in each target's execution environment. Cloud Deploy now supports deploying using a proxy for Google Kubernetes Engine targets.

Dialogflow - Dialogflow ES: As of May 27 2024, Twilio no longer supports integrations with Dialogflow ES. Dialogflow CX: The gemini-1.5-flash generative model is now available for the generators feature.

Google Distributed Cloud Edge - Distributed Cloud connected 1.7.0. This is a minor release of Google Distributed Cloud connected (version 1.7.0). The following new functionality has been introduced in this release of Google Distributed Cloud connected: Customer-sourced hardware. The following changes to existing functionality have been introduced in this release of Google Distributed Cloud connected: Worker node software upgrades are now staggered. The following functionality has been deprecated in this release of Google Distributed Cloud connected: Cloud control plane cluster support. The following issues have been resolved in this release of Google Distributed Cloud connected: Symcloud Storage volume clean-up now functions correctly. This release of Google Distributed Cloud connected contains the following known issues: Refreshed Google Distributed Cloud connected hardware requires Google Distributed Cloud connected software version 1.7.0 or later.

Cloud Data Loss Prevention - The INDIA_PASSPORT infoType detector is available in all regions. If you set InfoType.version to latest when including the PHONE_NUMBER infoType in your InspectConfig, Sensitive Data Protection will now include US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results. The RELIGIOUS_TERM infoType detector is available in Preview in all regions. A new detection model is available for the ORGANIZATION_NAME infoType detector.

Cloud Firestore - Scheduled backups are now available in GA.

Cloud Functions - Cloud Functions 1st gen and 2nd gen now support custom service accounts for Cloud Build at the General Availability release level. To simplify searches and improve your documentation experience, we have split the 1st generation and 2nd generation documentation into separate documentation sets. Cloud Functions (2nd gen) now supports fully automatic security updates.

Integration Connectors - The following connectors are now generally available (GA): Greenplum MetaAds To view the list of all the GA connectors, see Connectors in GA. Connectors for Google services The following new connectors are available in preview: Cloud Search Google Dialogflow Google Safe Browsing Google Sheets Google Slides Identity and Access Management Youtube.

Backup for GKE - Backup for GKE now supports creating a backup plan when creating a cluster.

Google Kubernetes Engine - Resource requests for anetd Pods have been increased from 200mil CPU and 110m memory to 205mil CPU and 230m memory. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26923 For more information, see the GCP-2024-039 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26924 For more information, see the GCP-2024-038 security bulletin. (2024-R21) Version updates GKE cluster versions have been updated.

GKE - (2024-R21) Version updates The following versions are now available: 1.26.15-gke.1469000 1.27.14-gke.1100000 1.27.15-gke.1012000 1.28.10-gke.1148000 1.28.11-gke.1019000 1.29.6-gke.1038000 The following node versions are now available: 1.26.15-gke.1469000 1.27.14-gke.1100000 1.27.15-gke.1012000 1.28.10-gke.1148000 1.28.11-gke.1019000 1.29.6-gke.1038000 The following versions are no longer available: 1.26.15-gke.1436000 1.27.11-gke.1062003 1.27.14-gke.1093000 1.28.10-gke.1141000 1.29.5-gke.1121000 1.29.5-gke.1192000 Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1070000 with this release.

Google Kubernetes Engine Rapid - (2024-R21) Version updates Version 1.30.1-gke.1329000 is now the default version in the Rapid channel.

Google Kubernetes Engine Regular - (2024-R21) Version updates The following versions are now available in the Regular channel: 1.26.15-gke.1390000 1.27.14-gke.1042000 1.28.10-gke.1075000 1.29.5-gke.1091000.

Google Kubernetes Engine Stable - (2024-R21) Version updates Version 1.27.13-gke.1070000 is now the default version in the Stable channel.

Cloud Logging - You can now analyze your billable log volume when using Log Analytics. Ops Agent version 2.48.0 introduces support for Compute Engine VMs that are running Deep Learning VM Images based on Debian 11 (Bullseye). Gauges and scorecards are now available to visualize the results of your SQL queries.

Media CDN - Globally scoped Cloud Armor edge security policies for Layer 7 filtering are now Generally Available.

Migration Center - Generally available: Database discovery and assessment is generally available. Generally available: A new version of Migration Center discovery client, 6.3.0, is generally available. Added support for local report generation that provides detailed technical fit assessment for migration and modernization. Custom scheduling of periodic data collection lets you define opt-out schedules from periodic collection per server. The discovery client collects network statistics such as open ports and traffic usage per connection to provide the information required to analyze network dependencies in the Migration Center. User control on analytics and Cloud Logging during installation lets you opt out from sending data to Google. View the discovery client logs from the Migration Center Console for easy troubleshooting of any communication issues between remote discovery client applications and Migration Center. Fixed an issue that may cause instability when scanning over 2000 servers.

Cloud Monitoring - You can now configure your dashboards to show disruptions in Google Cloud Services. Ops Agent version 2.48.0 introduces support for Compute Engine VMs that are running Deep Learning VM Images based on Debian 11 (Bullseye). You can now configure your dashboards to show when incidents were opened.

NetApp - NetApp Volumes now supports committed use discounts (CUDs).

Network Connectivity Center - Route exchange with VPC spokes is now available in public preview.

Cloud Run - The following IAM roles are now available in preview: Cloud Run Source Developer (roles/run.sourceDeveloper) for deploying a Cloud Run service or job from source.

Security Command Center - Introducing the Security Command Center Risk Engine Security Command Center introduces Risk Engine as the name of the functionality that provides attack path simulations, attack exposure scores, attack path visualizations, and toxic combination findings. Toxic combination findings release to Preview In the Enterprise tier of Security Command Center, the Risk Engine generates a finding when it detects a toxic combination during attack path simulations. The release note for the toxic combination feature published on June 25, 2024 was updated to explain the staged release of the feature. Install new version of the Security Command Center Enterprise use case The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise.

Sensitive Data Protection - The INDIA_PASSPORT infoType detector is available in all regions. If you set InfoType.version to latest when including the PHONE_NUMBER infoType in your InspectConfig, Sensitive Data Protection will now include US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results. The RELIGIOUS_TERM infoType detector is available in Preview in all regions. A new detection model is available for the ORGANIZATION_NAME infoType detector.

Service Mesh - 1.21.x. 1.21.4-asm.0 is now available for in-cluster Cloud Service Mesh.

SAP Solutions - New SAP certification: 16 TB X4 bare metal machine type The Compute Engine memory-optimized bare metal machine type x4-megamem-960-metal is generally available (GA) and certified by SAP for use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads. Google Cloud's Agent for SAP version 3.4 Version 3.4 of Google Cloud's Agent for SAP is generally available (GA).

Cloud SQL MySQL - You can now upgrade the network architecture of Cloud SQL for MySQL instances that store transaction logs used for point-in-time recovery (PITR) in Cloud Storage.

Cloud Storage - You can now specify the Frankfurt, Germany (europe-west3) and Paris, France (europe-west9) regions when using regional endpoints.

Traffic Director - 1.21.x. 1.21.4-asm.0 is now available for in-cluster Cloud Service Mesh.

VPC Service Controls - VPC Service Controls feature: Support for using an internal IP address to allow access to protected resources is generally available.

Virtual Private Cloud - Bring your own IP does not support creating BYOIP addresses in Shared VPC service projects.

Access Approval - Access Approval supports Apigee in the GA stage.

AlloyDB - AlloyDB Omni version 15.5.4 is generally available (GA).